EA says corporate networks are 'undefendable'

By on
EA says corporate networks are 'undefendable'

Security chief urges all businesses to identity crucial assets.

The security chief of the gaming giant Electronic Arts said organisations must identify their most sensitive assets with a mind that their networks are vulnerable to attack.

Spencer Mott, CISO at EA said in a keynote at Infosecurity Europe that corporate networks would be hit at some point, if they hadn't been infiltrated already. 

Complete coverage of Infosecurity Europe 2012 

“Networks are undefendable to advanced evasion techniques (AETs) and advanced persistent threats (APTs),” he said. “These types of attacks are made up of a lot of different strands so… if one technique fails, another route is taken to achieve its end goal.

“If it is not impossible, it is still difficult to defend, even if you unplug yourself from the internet due to the internal threat.”

Mott claimed all companies, regardless of size, would be hit in time.

“Eventually this threat is going to impact any significant business, although the big global brands with the most, let's say ‘interesting', things to steal are going to be the most-impacted organisations,” he added.

Despite some thinking he may have been too pessimistic, Mott believed this scare tactic was the best way for board members to realise the importance of security.

“I do think that particular statement about [every business being infiltrated] just encourages our CEOs to get more realistic,” he said. “This isn't just a role for security teams; it is about [rebuilding] business and business processes.

“In reality, it doesn't matter how big your security group is as this is no longer a central function. It is the output of every single employee and you can go wider [to customers and partners]. The reality is that it is a completely out-weighted, undefendable position to be in.”

However specific assets could still be well protected.

“Where we might not have defendable networks, we do have defendable assets,” Mott said. “We need to concentrate on what we can protect and put the measures in place for that, rather than [concerning ourselves] with the undefendable.”

The CISO concluded by saying that regardless of attacks, the best thing any company can do is understand the incoming threats and do what they can to prepare and defend.

“Be in a position as and when an attack occurs, from a brand perspective at least, to show consumers and regulators you did everything you could to defend against it,” said Mott.

“The worst thing, even if you are fully defended, is not to understand the nature of the attack and why it was successful.”

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
apt infosecurity europe networks security
In Partnership With

Most Read Articles

Telstra towers over rivals in war for NBN power

Telstra towers over rivals in war for NBN power
NSW transit officers can't check credit card tap-ons

NSW transit officers can't check credit card tap-ons
ANZ digital chief Maile Carnegie frets over human obsolescence

ANZ digital chief Maile Carnegie frets over human obsolescence
Linus Torvalds apologises for 'hurtful' behavior, takes a break

Linus Torvalds apologises for 'hurtful' behavior, takes a break
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

How to choose a trusted IT provider
How to choose a trusted IT provider
Why Business Process Modelling Matters
Why Business Process Modelling Matters
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Managed Security Service Providers for Dummies
Managed Security Service Providers for Dummies
The Cost of Cloud Expertise report
The Cost of Cloud Expertise report

Events

Log In

Username / Email:
Password:
  |  Forgot your password?